D487 STUDY GUIDE 2026 FINAL REVIEW
QUESTIONS AND COMPLETE SOLUTIONS
STRUCTURED PREPARATION GUIDE
GRADED A+
⩥ Which post-release support activity defines the process to
communicate, identify, and alleviate security threats?
Answer: PRSA1: External vulnerability disclosure response
⩥ What are two core practice areas of the OWASP Security Assurance
Maturity Model (OpenSAMM)?
Answer: Governance, Construction
⩥ Which practice in the Ship (A5) phase of the security development
cycle uses tools to identify weaknesses in the product?
Answer: Vulnerability scan
⩥ Which post-release support activity should be completed when
companies are joining together?
Answer: Security architectural reviews
⩥ Which of the Ship (A5) deliverables of the security development cycle
are performed during the A5 policy compliance analysis?
Answer: Analyze activities and standards
⩥ Which of the Ship (A5) deliverables of the security development cycle
are performed during the code-assisted penetration testing?
Answer: white-box security test
⩥ Which of the Ship (A5) deliverables of the security development cycle
are performed during the open-source licensing review?
Answer: license compliance
⩥ Which of the Ship (A5) deliverables of the security development cycle
are performed during the final security review?
Answer: Release and ship
⩥ How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on agile?
Answer: iterative development
⩥ How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on devops?
Answer: continuous integration and continuous deployments
⩥ How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on cloud?
Answer: API invocation processes
⩥ How can you establish your own SDL to build security into a process
appropriate for your organization's needs based on digital enterprise?
Answer: enables and improves business activities
⩥ Which phase of penetration testing allows for remediation to be
performed?
Answer: Deploy
⩥ Which key deliverable occurs during post-release support?
Answer: third-party reviews
⩥ Which business function of OpenSAMM is associated with
governance?
Answer: Policy and compliance
⩥ Which business function of OpenSAMM is associated with
construction?
Answer: Threat assessment
⩥ Which business function of OpenSAMM is associated with
verification?